From: linux@horizon.com
To: torvalds@osdl.org
Cc: git@vger.kernel.org, linux@horizon.com
Subject: Re: [zooko@zooko.com: [Revctrl] colliding md5 hashes of human-meaningful
Date: 13 Jun 2005 21:03:18 -0000
Message-ID: <20050613210318.18965.qmail@science.horizon.com>
In-Reply-To: <Pine.LNX.4.58.0506131305550.8487@ppc970.osdl.org>

> No, I just am not letting paranoia mean that I sit around shivering all
> day long.

I'm sorry if I implied that. I meant "paranoid" in the sense of
"imagining attack"; you were saying there is no way to attack git via
a collision attack on the underlying hash, and I objected.
I agree with you that:
- The attack is still wildly impractical, and
- Anything is better than the unauthenticated TCP we use these days!

>> The basic attack goes like this:
>>
>> - I construct two .c files with identical hashes.
> Ok, I have a better plan.
>
> - you learn to fly by flapping your arms fast enough
> - you then learn to pee burning gasoline
> - then, you fly around New York, setting everybody you see on fire, until
> people make you emperor.
>
> Sounds like a good plan, no?

ROFL! Oh my. That's worthy of reprinting. I was pleased with myself
for making fun of the "what if there's an accidental hash collision"
theory by assuming that kernel development would continue uninterrupted
until the sun went nova, but this is truly masterful scorn.

> But perhaps slightly impractical.

There are just a few laws of physics it violates.
Not to mention that New York is still a trifle touchy about the combination
of flying and burning fossil fuels, and this poses problems for step 3.

> Now, let's go back to your plan. Why do you think your plan is any better
> than mine?

I was trying to point out that a collision attack is possible. That is,
*if* we assume that someone has the ability to find a hash collision,
*then* they can use that to break git's authenticity guarantees.
I wasn't addressing the plausibility of the "if" part. I agree that
requiring the hashed text to be plausible C source makes all current
attacks (including the MD5 ones) irrelevant, and reduces you to straight
brute force, which is quite implausible.
But it *is* a collision attack, not a preimage attack, and it *is* at
least consistent with all known laws of physics.
I did *not* say, or mean to imply, that there was anything wrong with
git's hashing.